In Part 1 of this article series, I explained that although Windows Update is self configuring for the most part, there are a large number of registry keys that you can use to tweak Windows Update’s behavior. This is especially useful if you are downloading updates from a WSUS server. In this article, I will continue the discussion where I left off in Part 1 by exploring the remaining Windows Update related registry keys.

Before I Begin

Before I get started, I have to keep the lawyers happy by telling you that making modifications to the registry can be dangerous. Making an incorrect registry modification can destroy Windows and / or any applications that are running on the machine. You should therefore make a full system backup before attempting any of the registry tweaks that I am about to show you.

One other thing that I want to mention before I get started is that if you try some of these modifications and you don’t get the results that you are expecting, try checking to see if there is a group policy that mandates Windows update settings for the machine. Group policies can sometimes modify a registry key so that it follows the mandated behavior rather than using any modifications that might have been previously made.

Finally, I want to mention that I ended Part 1 of this article by discussing some of the registry keys found in the HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\windows\Windows Update section of the registry. All of the registry keys that I will be discussing in this article are found in this section of the registry as well. None of the registry keys that I am about to show you exist by default, but you can create them to achieve the desired behavior. If you choose to create a registry key, then please keep in mind that the key names that I will be showing you are case sensitive and any of these keys that you create should be created as DWORD values.

Disabling Windows Update

The first key that I want to show you is the NoAutoUpdate key. You can use the NoAutoUpdate key to either enable or disable Windows update. Normally, this probably isn’t a key that you want to use, but it does have its place. If you happen to work in an environment with no Internet connection and you don’t have a WSUS server either, then you might disable Windows Update just to keep it from being a nuisance.

I don’t recommend creating this registry key unless you need to disable Windows Update. If you do need to disable Windows update, then you can create a key named NoAutoUpdate with a DWORD value of 1. Changing the value to 0 re-enables automatic updates.

Reboot Reminders

Have you ever applied an update to a server and then had Windows prompt you to reboot the server at a time that just wasn’t convenient? Personally, I’ve always found it annoying that Windows Update keeps prompting you to reboot your server every few minutes while you are trying to work. You can however change the reminder frequency. To do so, simply create a registry key named RebootRelaunchTimeout. The value that you assign to this registry key should reflect the number of minutes that you want Windows to wait between reminders. For example, if you wanted a reminder every half hour, then you would set the value to 30. You can set the RebootRelaunchTimeout registry key to use any positive integer from 1 to 1440.

Of course you also have the option of getting rid of reboot reminders completely. To do so, create a registry key named RebootRelaunchTimeoutEnabled, and set the value to 0. If you decide later that you want to re-enable reboot reminders then just change this key’s value to 1.

If you have ever worked with scheduled updates, you might have noticed that Windows can be configured so that the computer automatically reboots after an update requiring a reboot is applied. When automatic update is configured in this way, the user will receive a warning message before their computer reboots. The warning says something like “your computer will reboot in 5 minutes”. As you might have already guessed though, this reboot count down is controlled by the Windows registry. You can therefore tweak the registry to give users more or less warning prior to a reboot.

To create a custom reboot count down, simply create a registry key named RebootWarningTimeout. You can then assign this key a value that corresponds to the number of minutes that you want to give the user from the time that the warning is first displayed until the computer is rebooted. For example, setting this registry key to a value of 10 would give the users a ten minute warning. Valid values include positive integers ranging from 1 to 30.

If you plan on using the RebootWarningTimeout key to specify a custom reboot warning countdown, you will have to use the RebootWarningTimeoutEnabled registry key to enable it. To do so, create a registry key named RebootTimeoutWarningEnabled, and set its value to 1. Setting this value to 0 will cause Windows to use a five minute reboot countdown regardless of what has been set through the RebootWarningTimeout key.

Applying Missed Updates

Although Windows Update gives you the ability to schedule updates, things can happen that cause a computer to miss the scheduled update period. For example, the computer could be turned off at the scheduled update time. When a scheduled update is missed, Windows will attempt to install the update the next time that the computer is booted. However, it can be disruptive to the user to have updates installed as soon as their computer boots up. You can therefore set a timer to control the number of minutes that Windows should wait after the system boots to install missed scheduled updates.

Before I show you how to set the timer, I should mention that this only applies to missed scheduled updates, not updates with an expired deadline. With that said, you can create the timer by creating a registry key named RescheduleWaitTimer and assigning it a value that reflects the number of minutes that Windows should wait from the time that the system boots until missed updates are installed. Valid values are positive integers ranging from 1 to 60.

If you plan on using the RescheduleWaitTime registry key, you will have to use a second registry key to enable it. The name of the second required key is RescheduleWaitTimeEnabled. Assigning this key a value of 1 will enable the reschedule wait timer registry key, where as setting this key to a value of 0 will cause the wait timer to be ignored.

Scheduling Installations

I have talked a lot about scheduled installations, but I want to show you one last trick. You can use the registry to set the installation schedule. There are two registry keys that are used when scheduling an update. The first of these keys is ScheduledInstallDay. I recommend assigning this key a value of 0 which tells Windows that updates should be installed regardless of what day it is. You can however specify a day by specifying a positive integer ranging from 1 to 7. The number that you specify designates a day of the week. A value of 1 sets the installation day to Sunday. Setting the value to 2 sets installation day to Monday. If you are going to limit installations to one day a week, then I recommend using Wednesday since most Microsoft patches are released on Tuesday.

One thing that you need to know about the ScheduledInstallDay key is that it is ignored unless the HKEY_LOCAL_MACHINES\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\AUOptions key is set to a value of 4. I discussed this key in Part 1.

The last key that I want to talk about is the ScheduledInstallTime key. This key tells Windows what time of day updates should be installed. Valid values for this key are positive integers ranging from 1 to 24, which reflect the hour of the day in military time. As such, a value of 3 would reflect a 3:00 AM installation time. A value of 13 would be a 1:00 PM installation time.

Conclusion

As you can see, there are a tremendous number of registry keys that can be used to configure Windows Update. If you are thinking about trying these keys out, I recommend testing your settings on a single PC before rolling out your changes on a large scale.

Featured Links

How to Prevent Security Breaches

Join Brien Posey, Microsoft MVP, for a discussion of the increasing trend of data breaches and real-life lessons learned, including recent examples such as the Anthem breach. Brien will also discuss future trends based on recent data breach investigations and address a range of topics including:

How and why do data breaches happen and which firms are more exposed?

What is the cost that data breaches hold for organizations?

What can companies do to stay protected?

The webinar includes a live Q&A session with our expert presenters to answer your top questions.

Online Survey: The Definitive State of Load Balancing and High Availability

MSExchange.org, KEMP Technologies and numerous MSFT and VMware experts worldwide would like to invite you to participate in our confidential 6 question survey on Load Balancing and High Availability. This survey takes about 6 minutes and all participants who wish can leave their email address and register to win a $50 Amazon gift certificate.

The results of this survey will be used to create a white paper on the State of Load Balancing. Everyone who registers will also get a copy of the white paper.

PowerShell Essentials (Part 7)

In this article, I'll explain how you can pass values to a PowerShell function... Read More

Tips and Tricks Using the Windows Hosts File

Here I will discuss how to access, open, and modify the Windows hosts file. I’ll give some tips and advice on making redirects, whether you want to block or filter sites or create shortcuts to certain websites... Read More